CVE-2024-52005 – This vulnerability in Git allows malicious remo... (How to Fix)

Q: What is the severity of CVE-2024-52005?

CVE-2024-52005 has a CVSS score of 8.8 (HIGH). This vulnerability in Git allows malicious remote repositories to inject ANSI escape sequences into error messages displayed during clone/fetch/push operations. These sequences can manipulate terminal output to hide information or trick users into executing malicious commands. Anyone using Git to interact with untrusted repositories is affected.

📋 TL;DR

This vulnerability in Git allows malicious remote repositories to inject ANSI escape sequences into error messages displayed during clone/fetch/push operations. These sequences can manipulate terminal output to hide information or trick users into executing malicious commands. Anyone using Git to interact with untrusted repositories is affected.

💻 Affected Systems

Products:

Git

Versions: All versions before 2.47.0

Operating Systems: All platforms where Git is used

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability affects all standard Git installations when interacting with remote repositories via clone, fetch, or push operations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could craft malicious escape sequences that hide warnings and trick users into executing arbitrary commands on their system, potentially leading to full system compromise.

🟠

Likely Case

Attackers could hide important security warnings, misrepresent repository contents, or manipulate users into running untrusted scripts through social engineering.

🟢

If Mitigated

With proper terminal settings or patched Git versions, escape sequences are sanitized or ignored, preventing manipulation of terminal output.

🌐 Internet-Facing: HIGH - Git operations frequently involve remote repositories from the internet, making this easily exploitable.

🏢 Internal Only: MEDIUM - Internal repositories could still be compromised or malicious, but attack surface is smaller than internet-facing scenarios.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires the victim to interact with a malicious repository. No public exploit code is available, but the vulnerability is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Git 2.47.0 and later

Vendor Advisory: https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329

Restart Required: No

Instructions:

1. Check current Git version with 'git --version'. 2. Update Git using your system's package manager (apt, yum, brew, etc.). 3. For manual installation, download from git-scm.com. 4. Verify update with 'git --version' to confirm 2.47.0 or higher.

🔧 Temporary Workarounds

Disable ANSI escape sequence processing

all

Configure your terminal to ignore or sanitize ANSI escape sequences

export TERM=dumb
git config --global core.pager 'cat'

Avoid untrusted repositories

all

Only clone/fetch from trusted sources and avoid recursive clones from unknown repositories

🧯 If You Can't Patch

Only interact with repositories from trusted, verified sources
Use terminal emulators that filter or ignore ANSI escape sequences by default

🔍 How to Verify

Check if Vulnerable:

Run 'git --version' and check if version is below 2.47.0

Check Version:

git --version

Verify Fix Applied:

Run 'git --version' and confirm version is 2.47.0 or higher

📡 Detection & Monitoring

Log Indicators:

Unusual ANSI escape sequences in Git operation logs
Suspicious remote: messages during clone/fetch operations

Network Indicators:

Git protocol traffic to unknown or suspicious repositories

SIEM Query:

Search for Git operations with unusual error messages containing escape sequences or patterns like \x1b[

📊 Metadata

CVE ID: CVE-2024-52005

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-116

EPSS Score: 0.08% exploit probability (23th percentile)

Published: January 15, 2025

Last Updated: December 18, 2025

🔗 References

https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 Vendor Advisory
https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net Mailing List,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-52005, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Git by Git

Git by Git

Git by Git

Git by Git

Git by Git

Git by Git

Git by Git

Git by Git

Git by Git

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable ANSI escape sequence processing

Avoid untrusted repositories

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities